Listing of Claims: 

1 . (Currently Amended) An electronic voting method, comprising the steps of: 

obtaining from a signer apparatus, according to a fair blind signature 
scheme, a digital signature (y,-) of a data signal (x,) generated from a voter 
apparatus, said data signal comprising an encrypted vote (v,) of a voter; and 

establishing, at a trusted authority apparatus, a link between a data pair 
(x t , y,) comprising said data signal and said digital signature, and a signing session 
in which said data pair (x„>>,) was generated, the fair blind signature scheme 
permitting establishment of the link via a tracing signature-tracing mechanism 
protocol included in the fair blind signature scheme , said signature-tracing 
mechanism enabling the trusted authority to identify, based on a transcript of said 
signing session, the data pair (x^j) generated during said signing session. 

2. (Previously Presented) The voting method of claim 1, wherein the fair blind signature 
scheme comprises a threshold fair blind signature scheme in which the digital signature is 
generated by cooperation of a number t of n servers, where t < n, and where n-t + 1 servers 
need to be honest. 

3. (Previously Presented) The voting method of claim 1, wherein the data signal (x t ) 
corresponds to the encrypted vote (v t ) of the voter which is encrypted according to a first 
encryption scheme (Etm), said first encryption scheme being the encryption scheme of a first 
mix-net (TM) contained in a vote-tallying module. 
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4. (Previously Presented) The voting method of claim 3, further comprising the steps of: 

receiving from a voter apparatus, at a server module of said signer 
apparatus, a plurality of voter data (Id is Q, e u s t ) during a voting process, one of 
said plural voter data (Id it Q, e h si) comprising a signed blinded encrypted data 
0/) corresponding to the encrypted vote (v,) of a respective voter (v), said vote 
being encrypted according to the first encryption scheme (E T m), blinded by said 
voter, and digitally signed by said voter; 

when the voting process has ended, publishing a voter data list (Las) of all 
voter data received from the voter apparatus; 

during the voting process, receiving at a ballot-box module, from the voter 
apparatus, a plurality of ballot data (Id* C h c t , 07), one of said plural ballot data 
comprising a signed encrypted data signal (<r,), said signed encrypted data signal 
(o;) corresponding to the data signal (x,) of a respective voter encrypted according 
to a second encryption scheme (Em) of a second mix-net (M) contained in a vote- 
randomizing module, and digitally signed by said signer apparatus; 

verifying the signature of said signed encrypted data signal (a*); 

when the voting process has ended, publishing a ballot data list (L B b) of all 
ballot data having a valid voter signature; 

receiving, by a ballot-order-randomizing module, a batch of encrypted 
data signals (c<) from said ballot-box module when the voting process has ended, 
said encrypted data signals being in a first order within said batch of encrypted 
data signals (Cj); 
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retrieving, by said ballot-order-randomizing module, in said batch of 
encrypted data signals (cj), each respective data pair (x h yd by applying a second 
decryption scheme (Dm) which is an inverse of said second encryption scheme 
(Em); 

outputting, by said ballot-order-randomizing module, a data-pair list (I) of 
said retrieved data pairs (x', y,) in a second order which is different from said first 
order; and 

receiving, by said vote-tallying module, said retrieved data pairs fa, yi) in 
said second order. 

5.-8. (Canceled) 

9. (Previously Presented) The voting method of claim 1, further comprising the steps of: 

receiving said data signal (xi) to be digitally signed according to said fair 
blind signature scheme at a server module of said signer apparatus, said data 
signal (xi) comprising the vote (v f ) selected by the voter, said vote (v,) being 
encrypted according to a first encryption scheme (Etm), blinded according to said 
fair blind signature scheme and digitally signed according to a digital signature 
scheme of said voter; 

verifying, by said server module, that the digital signature (si) of the 
digitally signed data signal is valid; 

in cases where the verifying step confirms that the digital signature in the 
data signal received by said server module is valid, digitally signing by said server 
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module the blinded encrypted vote (e,) according to said fair blind digital scheme 
and outputting by said server module a digitally-signed message (S^e*)); 

unblinding the digitally-signed message (S^e,-)) to yield said digital 
signature (y t ) of the data signal (x,); 

encrypting said data signal (x,) and said digital signature (y,) of the data 
signal thereof according to a second encryption scheme (Em) to produce an 
encrypted data signal (c,); and 

signing said encrypted data signal (c,) according to the digital signature 
scheme of the voter. 

10. (Currently Amended) An electronic voting system comprising: 

a plurality of voter modules each including a first processor; and 
an admin server module including a second processor; 
wherein the first processor of said plural voter modules and the second 
processor in the admin server module cooperate during a respective signing 
session in application of a fair blind signature scheme to obtain, from said admin 
server module, a digital signature (yi) of a data signal (x,) from said one of said 
plural voter modules, said data signal (xi) comprising a respective vote (v,) of a 
voter, said fair blind signature scheme having a t re ei ng signature-tracing 
mechanism protocol which enables a trusted authority apparatus to identify, based 
on a transcript of e stablish a link b e tween a giv e n digitally sign e d data aignal and 
a signing session in which said digital signature was a data pair (x t , yd generated 
during said signing session . 
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11. (Currently Amended) A voter module including a first processor configured to 
cooperate with a second processor in an admin server module during a respective signing session 
in application of a fair blind signature scheme to obtain, from said admin server module, a digital 
signature fa) of a data signal fa) from the voter module, said data signal fa) comprising a vote 
fa) of a voter, said fair blind signature scheme having a tracing protocol signature-tracing 
mechanism which enables a trusted authority apparatus to identify, based on a transcript of 
e stablish a4ink-b e tweeH - a - givon - digitally - signed data signal and a signing session in which said 
digital signatur e was a data pair fa , y,) generated during said signing session . 

12. (Currently Amended) A computer program stored on a computer memory and 
executing on a first processor which, when used on a computer apparatus, causes the first 
processor to cooperate with a second processor in an admin server module during a respective 
signing session in application of a fair blind signature scheme, the computer program 
comprising: 

program code for obtaining, from said admin server module, a digital 
signature fa) of a data signal fa), said data signal fa) comprising a vote fa) of a 
voter; and 

program code for establishing, at a trusted authority apparatus, a link 
between a given digitally-signed data signal and a signing session in which said 
digital signature was generated, said trusted authority apparatus being enabled to 
establish the link via a tracing protocol signature-tracing mechanism included in 
the fair blind scheme , said signature-tracing mechanism enabling the trusted 
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authority to identify, based on a transcript of said signing session, the data pair 
(Xi. V i> generated during said signing session . 

13. (Currently Amended) A voting system admin server module including a first 
processor configured to cooperate with a second processor in a voter module during a respective 
signing session in application of a fair blind signature scheme to obtain, from said admin server 
module, a digital signature (yi) of a data signal (x f ) from said voter module, said data signal (x,) 
comprising a vote (v f ) of a voter, said fair blind signature scheme having a tracing protocol 
signature-tracing mechanism which enables a trusted authority apparatus to identify, based on a 
transcript of link a given digitally-sign e d data signal with a signing session, i n - which said digital 
signature was a data pair (x h vj) generated by said admin server module during said signing 
session . 

14. (Currently Amended) A computer program stored on a computer memory and 
executing on a first processor which, when used on a computer apparatus, causes the first 
processor to cooperate with a second processor in a voter module during a respective signing 
session in application of a fair blind signature scheme, the computer program comprising: 

program code for obtaining a digital signature (y,-) of a data signal (x,) from 
said voter module, said data signal (xi) comprising a vote (v,) of a voter; and 

program code for establishing, at a trusted authority apparatus, a link 
between a given digitally-signed data signal and a signing session in which said 
digital signature was generated, said trusted authority apparatus being enabled to 
establish the link via a tracing protocol signature-tracing mechanism included in 
the fair blind scheme , said signature-tracing mechanism enabling the trusted 
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authority to identify, based on a transcript of said signing session, the data pair 
fa_ , yj) generated during said signing session . 



15. (Currently Amended) A voting system ballot-order-randomizer module comprising a 
processor configured to provide: 

input means for receiving a batch of cast votes, each cast vote comprising 
an encrypted data signal (c,) comprising data fa) indicative of a respective vote 
(vj) of a voter which is digitally signed according to a fair blind signature scheme, 

said fair blind signature scheme having a tracing protocol signature-tracing 

mechanism which enables a trusted authority apparatus to identify, based on a 
transcript of establish a link b e tw e en a given digitally - signed data - signal and a 
signing session in - which said digital signature was a data pair fa, y,) generated, 
each encrypted data signal (c,) being encrypted according to a predetermined 
encryption scheme (Em); 

a mix-net (M) for decrypting said encrypted data signals (c,) by applying a 
decryption scheme (D M ) which is an inverse of said predetermined encryption 
scheme (E M ); and 

output means for outputting the decrypted signals of said batch of cast 
votes in an order different from the order of corresponding encrypted data signals 
in said batch of cast votes. 
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16. (Currently Amended) A computer program stored on a computer memory and 
executing on a processor which, when used on a computer apparatus, causes a voting system 
ballot-order-randomizer to randomize a batch of cast votes, the computer program comprising: 

program code for receiving, at an input means, a batch of cast votes, each 
cast vote comprising an encrypted data signal (c,) comprising data (xi) indicative 
of a respective vote (v,) of a voter which is digitally signed according to a fair 
blind signature scheme, said fair blind signature scheme having a tracing protocol 
signature-tracing mechanism which enables a trusted authority apparatus to 
identify, based on a transcript of e s tablish a link b e tween a giv e n digitally - sign e d 
data- signal and a signing session, in which ■ sa i d - digital signatur e was a data pair 
£xiO!i) generated, each encrypted data signal (c ( ) being encrypted according to a 
predetermined encryption scheme (Em); 

program code for decrypting, at a mix-net (M), said encrypted data signals 
(ci) by applying a decryption scheme (Dm) which is an inverse of said 
predetermined encryption scheme (Em)', and 

program code for outputting, at an output means, the decrypted signals of 
said batch of cast votes in an order different from the order of corresponding 
encrypted data signals in said batch of cast votes. 

17. (Currently Amended) A voting system tallying module comprising a processor 
configured to provide: 

input means for receiving cast votes, each cast vote comprising a data 
signal (x,) digitally signed according to a fair blind signature scheme, said fair 
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blind signature scheme having a tracing protocol signature-tracing mechanism 
which enables a trusted authority apparatus to identify, based on establish a link 
between a -given digitally - sign e d data signal and a signing session, in which said 
digitai - signature - was a data pair fx,-, yj) generated, each data signal fa) comprising 
a respective vote (v,) of a voter which is encrypted according to an encryption 
scheme (Em); and 

a mix-net (M) for decrypting said encrypted votes fa) by applying a 
decryption scheme (D T m) which is an inverse of said encryption scheme (Em)- 

18. (Currently Amended) A computer program stored on a computer memory and 
executing on a processor which, when used on a computer apparatus, causes tallying of cast 
votes, the computer program comprising: 

program code for receiving, at an input means, cast votes, each cast vote 
comprising a data signal fa) digitally signed according to a fair blind signature 
scheme, said fair blind signature scheme having a tracin g — protocol 
signature-tracing mechanism which enables a trusted authority apparatus to 
identify, based on e stabli s h a link b e tw oo n a given digitally- sign e d data signal - an d 
a signing session^ in which said digital signature was a data pair fa , W) generated, 
each data signal fa) comprising a respective vote fa) of a voter which is 
encrypted according to an encryption scheme (Etm); and 

program code for decrypting, at a mix-net (M), said encrypted votes fa) by 
applying a decryption scheme (Dm) which is an inverse of said encryption 
scheme (E m )- 
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19. (Canceled) 



20. (Previously Presented) The voting method of claim 3, further comprising the steps of: 

receiving from a voter apparatus, at a server module of said signer 
apparatus, a plurality of voter data (Id i% C b e it si) during a voting process, one of 
said plural voter data comprising a signed blinded encrypted data (ei) 
corresponding to the encrypted vote (v,) of a respective voter, said vote being 
encrypted according to the first encryption scheme, blinded by said voter, and 
digitally signed by said voter, 

when the voting process has ended, publishing a voter data list (L A s) of all 
voter data received from the voter apparatus; 

receiving from the voter apparatus, at a ballot-box module, a plurality of 
ballot data (ld b C h c it oj), one of said ballot data comprising a signed encrypted 
data signal (cri) corresponding to the data signal (xi) of a respective voter 
encrypted (c,) according to a second encryption scheme (Em) of a second mix-net 
(M) contained in a vote-randomizing module, and digitally-signed by said signer 
apparatus; 

verifying the signature of said signed encrypted data signal (c,); and 
when the voting process has ended, publishing a ballot data list (Lbb) of all 
ballot data having a valid voter signature. 

21. (Canceled) 



NYC_MIDTOWN\1925246\l 307911.000 



12 



22. (Previously Presented) The voting method of claim 3, comprising the steps of: 

receiving from a voter apparatus, at a server module of said signer 
apparatus, a plurality of voter data (Id i: C b e h si) during a voting process, one of 
said plural voter data comprising a signed blinded encrypted data (e,) 
corresponding to the encrypted vote (v ; ) of a respective voter, said vote being 
encrypted according to the first encryption scheme, blinded by said voter, and 
digitally signed by said voter, 

publishing a voter data list (L A s) of all voter data received from the voter 
apparatus when the voting process has ended. 

23. (Currently Amended) The voting method of claim 20, further comprising the steps of: 

comparing, by the server module of said signer apparatus, the voter data 
list (Las) of all voter data received from the voter apparatus with the ballot data 
list (Lbb) of all ballot data; and 

if there is an entry in the voter data list (Las) from which there is no 
corresponding entry in the ballot data list (Lbb), applying a signatur e tracing 
algorithm the signature-tracing mechanism of the fair blind signature scheme to 
identify the data pair (xj, y,) which is in the voter data list (Las) and which has no 
corresponding entry in the ballot data list (Lbb)', and 

recording the identified data pair (x h yi) in a revocation list (RL) containing 
ballots that have been rejected. 
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24. (Previously Presented) The voting method of claim 23, further comprising the steps 

of: 

receiving, by said vote-tallying module, a data pair list (I) of retrieved 
data pairs (xj, y,); 

checking, at the vote-tallying module, said data pair list (L) of data pairs 
(x,, y,) for duplicate entries; 

if there are no duplicate entries, checking a validity of digital signatures 
(yi) of data pairs of the data pair list (L); 

if the signature of data pairs of the data pair list (L) is valid, comparing 
data pairs (x u yj) of the data pair list (L) with entries of the revocation list (RL); 

if there is no data pair of the data pair list (L) in the revocation list (RL) 
decrypting the data signal (xl) of the data pairs (x h yi) by applying the decryption 
scheme (D TM ) which is an inverse of said first encryption scheme (Em)', 

tallying decrypted data signals (vj) corresponding to votes of the voters; 

and 

publishing a voting result. 

25. (Currently Amended) The voting method of claim 24, further comprising, when 
duplicate entries are found, the steps of: 

prompting the particular mix-server (MJ) to generate a zero-knowledge 
proof of correctness using the data pair (x it y,) associated to a duplicate entry as 
input to a back-tracing protocol; and 
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if a particular mix-server generates a proof of knowledge, revealing an 
identity of a misbehaving voter by implementing a back-tracing algorithm of a 
randomizing mix-net, using the data pair fa yi) associated to the duplicate entry 
as input to the back-tracing protocol; 

a pplying, by the trusted authority apparatus, the signature-tracing 
mechanism of the fair blind signature scheme to identify the data pair (xu vi) 
corresponding to the identity of the misbehaving voter; 

adding the data pair to the revocation list; and 

removing the data pair from a list of votes to be counted. 

26. (Currently Amended) The voting method of claim 24, further comprising, when an 
invalid signature is found, the steps of: 

prompting a particular mix- server (MJ) to generate a zero -knowledge proof 
of correctness using a data pair (x h yi) associated to the invalid signature as input 
to a back-tracing protocol; 

if the particular mix-server generates a proof of knowledge, revealing an 
identity of a misbehaving voter by implementing a back-tracing algorithm of a 
randomizing mix-net, using the data pair associated to the invalid signature as 
input; and 

applying, bv the trusted authority apparatus, the signature-tracing 
mechanism of the fair blind signature scheme to identify the data pair (x L , y i) 
corresponding to the identity of the misbehaving voter; 

adding the data pair to the revocation list; and 
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removing the data pair from a list of votes to be counted. 

27. (Currently Amended) The voting method of claim 24, further comprising, when a 
data pair of the data pair list is found in the revocation list, the steps of: 

prompting a particular mix-server (MJ) to generate a zero-knowledge proof 
of correctness using said data-pair fa yd found in the revocation list as input to a 
back-tracing protocol; 

if the particular mix-server generates a proof of knowledge, revealing an 
identity of a misbehaving voter by implementing a back-tracing algorithm of a 
randomizing mix-net, using said data pair found in the revocation list as input; 

applying, bv the trusted authority apparatus, the signature-tracing 
mechanism of the fair blind signature scheme to identify the data pair fc, v,) 
corresponding to the identity of the misbehaving voter; 

adding said data pair to the revocation list; and 

removing said data pair from a list of votes to be counted. 

28. (Currently Amended) An electronic voting method, comprising: 

obtaining from a signer apparatus, according to a fair blind signature 
scheme, a digital signature (v*) of a data signal (x,) generated from a voter 
apparatus, said digital signal comprising an encrypted vote (v,) of a voter; 

wherein the fair blind signature scheme includes a signature-tracing 
mechanism tracing protocol which can be implemented, at a trusted authority 
apparatus, to identify, based on a transcript of establish a link between a data pair 
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feg fo) comprising said data signal and said digital signature, and a signing 
session in which said a data pair (x it y,) comprising said data signal (x<) and said 
digital signal (v,) was generated during said signing session . 

29. (New) An electronic voting method, comprising the steps of: 

obtaining from a signer apparatus, according to a fair blind signature 
scheme, a digital signature (yi) of a data signal (x,) generated from a voter 
apparatus, said data signal comprising an encrypted vote (v*) of a voter; 

establishing, at a trusted authority apparatus, a link between a data pair 
(xh yd comprising said data signal and said digital signature, and a signing session 
in which said data pair (Xj,y,) was generated, the fair blind signature scheme 
permitting establishment of the link via a signature-tracing mechanism included in 
the fair blind signature scheme; 

receiving said data signal (x,) to be digitally signed according to said fair 
blind signature scheme at a server module of said signer apparatus, said data 
signal (xi) comprising the vote (v,) selected by the voter, said vote (v,) being 
encrypted according to a first encryption scheme (Em), blinded according to said 
fair blind signature scheme and digitally signed according to a digital signature 
scheme of said voter; 

verifying, by said server module, that the digital signature (si) of the 
digitally signed data signal is valid; 

in cases where the verifying step confirms that the digital signature in the 
data signal received by said server module is valid, digitally signing by said server 
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module the blinded encrypted vote (e,) according to said fair blind digital scheme 
and outputting by said server module a digitally-signed message (SUsO/)); 

unblinding the digitally-signed message (S^sfe)) t0 Y iel d said digital 
signature (y ; ) of the data signal (x t )\ 

encrypting said data signal (x*) and said digital signature (yi) of the data 
signal thereof according to a second encryption scheme (E M ) to produce an 
encrypted data signal (c,); and 

signing said encrypted data signal (c,) according to the digital signature 
scheme of the voter. 



NYC_MIDTOWN\1925246\l 307911.000 



18 



